Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ufodisko's avatar

URL masking

Is it possible to mask urls with Laravel?

For example, if I have a URL https://example.com/images/image.png but I'd like to make it https://example.com/download/5c50f2b2-33c8-496b-9f97-f5025e58aff7

Is that possible?

0 likes
10 replies
LaryAI's avatar
LaryAI
AI
3 years ago
Level 58

Yes, it is possible to mask URLs with Laravel. One way to achieve this is by using route parameters and a controller method to handle the request.

First, define a route that includes a parameter for the image ID:

Route::get('/download/{id}', 'DownloadController@downloadImage');

Next, create a controller method that retrieves the image based on the ID and returns it as a download:

public function downloadImage($id)
{
    $image = Image::find($id);
    $path = storage_path('app/' . $image->path);
    return response()->download($path);
}

In this example, the image is retrieved from a database using the ID parameter. The image path is then used to generate a download response using Laravel's response()->download() method.

Finally, update the image URLs in your application to use the new route:

<a href="{{ route('downloadImage', ['id' => $image->id]) }}">Download Image</a>

This will generate a URL like https://example.com/download/5c50f2b2-33c8-496b-9f97-f5025e58aff7 that will be handled by the downloadImage method in the DownloadController.

ufodisko's avatar

@LaryAI Where is the route downloadImage coming from? Did we name the route we created as that?

<a href="{{ route('downloadImage', ['id' => $image->id]) }}">Download Image</a>
dacfabre's avatar

@ufodisko thats the name of route @laryai is an AI. it shouldve been Route::get('/download/{id}', 'DownloadController@downloadImage')->name('downloadImage');

1 like
ufodisko's avatar

@dacfabre I'm aware he's an AI, it's in his name. I just thought he was able to answer replies as well.

Thank you for replying though, will try it out.

Snapey's avatar

@ufodisko

This reply was automagically generated by our local A.I. Think of it as a one-off attempt to instantly solve your problem. It will not respond to further replies.

Snapey's avatar

If you are not screening the requests in any way, whats the point?

Give your image a filename made from a UUID or long filename. Make sure you specify the file extension. The nett effect would be the same, apart from it being less load on your webserver and a quicker download (no need to boot the framework)

ufodisko's avatar

@Snapey I already did that, my file path is as follows {$uuid}/{$random_12_chars}.png

However, the user can go to downloads in their browser and just copy the image path and download it again. I'm trying to mask that url and make the filepath inaccessible directly unless they go to the app and click on "Download"

How might I achieve that? Middleware?

Snapey's avatar

@ufodisko the solution you asked for, and lary provided would do exactly the same. The user can ask for the image at any time or share the link with others.

@martinbean is correct, you would need to serve the image file via the application (as described) and ALSO use signed links which are time limited

Please or to participate in this conversation.